Ensure possible alg none for RequestObject

cicnavi · cicnavi · commit 8d3a8e6ac6bf · 2025-12-02T12:37:29.000+01:00
diff --git a/src/Core/RequestObject.php b/src/Core/RequestObject.php
@@ -12,18 +12,39 @@
 class RequestObject extends ParsedJws
 {
     /**
+     * Get Algorithm. Overridden to allow the 'none' algorithm.
+     *
+     * @return ?non-empty-string
      * @throws \SimpleSAML\OpenID\Exceptions\JwsException
-     * @throws \SimpleSAML\OpenID\Exceptions\RequestObjectException
      * @throws \SimpleSAML\OpenID\Exceptions\InvalidValueException
      */
-    public function isProtected(): bool
+    public function getAlgorithm(): ?string
     {
-        $algHeader = $this->helpers->type()->ensureString(
-            $this->getHeaderClaim(ClaimsEnum::Alg->value) ?? throw new RequestObjectException(
-                'Alg header is missing.',
-            ),
+        $claimKey = ClaimsEnum::Alg->value;
+
+        $alg = $this->getHeaderClaim($claimKey);
+
+        if (is_null($alg)) {
+            throw new RequestObjectException('Missing Algorithm header claim.');
+        }
+
+        $alg = $this->helpers->type()->ensureNonEmptyString($alg, $claimKey);
+
+        SignatureAlgorithmEnum::tryFrom($alg) ?? throw new RequestObjectException(
+            'Invalid Algorithm header claim.',
         );
 
-        return $algHeader !== SignatureAlgorithmEnum::none->value;
+        return $alg;
+    }
+
+
+    /**
+     * @throws \SimpleSAML\OpenID\Exceptions\JwsException
+     * @throws \SimpleSAML\OpenID\Exceptions\RequestObjectException
+     * @throws \SimpleSAML\OpenID\Exceptions\InvalidValueException
+     */
+    public function isProtected(): bool
+    {
+        return $this->getAlgorithm() !== SignatureAlgorithmEnum::none->value;
     }
 }
diff --git a/tests/src/Core/RequestObjectTest.php b/tests/src/Core/RequestObjectTest.php
@@ -70,6 +70,7 @@ protected function setUp(): void
         $this->helpersMock->method('type')->willReturn($typeHelperMock);
 
         $typeHelperMock->method('ensureString')->willReturnArgument(0);
+        $typeHelperMock->method('ensureNonEmptyString')->willReturnArgument(0);
 
         $this->claimFactoryMock = $this->createMock(ClaimFactory::class);
     }

Original file line number	Diff line number	Diff line change
`@@ -70,6 +70,7 @@ protected function setUp(): void`
`70`	`70`	`$this->helpersMock->method('type')->willReturn($typeHelperMock);`
`71`	`71`
`72`	`72`	`$typeHelperMock->method('ensureString')->willReturnArgument(0);`
	`73`	`+ $typeHelperMock->method('ensureNonEmptyString')->willReturnArgument(0);`
`73`	`74`
`74`	`75`	`$this->claimFactoryMock = $this->createMock(ClaimFactory::class);`
`75`	`76`	`}`